bcrypt
The first really-deliberately-slow password hash. Still everywhere (Rails, Laravel, Django defaults), but Argon2id is the modern pick.
By Deepak Gupta
bcrypt was the first widely deployed password-hashing function explicitly designed to be slow and to scale with hardware via a tunable cost factor. It's still the safe default in many web frameworks because every language has a battle-tested implementation. The two reasons not to pick bcrypt for *new* designs in 2026: it caps input length at 72 bytes (longer passwords are silently truncated, a UX/security footgun), and it has no memory-hardness parameter, so a determined attacker with FPGAs / ASICs can crack it much faster than a defender can hash it. For storing new password hashes today, Argon2id is the better choice; for *verifying* existing bcrypt hashes during a migration, bcrypt is still appropriate.
Recommended uses
- Verifying legacy password databases during migration to Argon2id
- New designs where Argon2id isn't available in your runtime
Known attacks / caveats
- 72-byte input truncation (UX footgun)
- GPU/FPGA acceleration outruns CPU-based defender
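The two points above that a defender can act on in code are the 72-byte cap and the verify-then-rehash migration. The following is an added example written for this page, not code from the author or from any bcrypt implementation: it models what bcrypt actually consumes from a password, exposes the truncation as a testable predicate, optionally cross-checks that model against the third-party `bcrypt` package, and shows a login path that replaces a legacy bcrypt hash with Argon2id on the first successful login. The function names, the `StoredCredential` record, the injected callables and the sample passwords are all hypothetical.

```python
"""Added example, not from the page: a model of bcrypt's 72-byte input cap
and a verify-then-rehash step for migrating stored bcrypt hashes to Argon2id.
Function names, the StoredCredential record and the injected callables are
hypothetical; the passwords used below are constructed for illustration."""
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

BCRYPT_MAX_BYTES = 72  # bcrypt consumes at most this many bytes of the password


def bcrypt_input(password: str) -> bytes:
    """The bytes bcrypt actually hashes: the UTF-8 encoding cut at 72 bytes.
    Anything past the cut has no influence on the resulting hash."""
    return password.encode("utf-8")[:BCRYPT_MAX_BYTES]


def exceeds_bcrypt_limit(password: str) -> bool:
    """True when part of the password would be ignored. The limit is in
    UTF-8 bytes, not characters, so non-ASCII passwords reach it sooner."""
    return len(password.encode("utf-8")) > BCRYPT_MAX_BYTES


def equivalent_under_bcrypt(a: str, b: str) -> bool:
    """Two passwords verify against the same bcrypt hash exactly when their
    first 72 UTF-8 bytes agree. This is the truncation footgun as a predicate."""
    return bcrypt_input(a) == bcrypt_input(b)


def check_with_real_bcrypt(a: str, b: str) -> Optional[str]:
    """Cross-check the model against the third-party `bcrypt` package when it
    is installed. Returns None if it is missing, "collides"/"distinct" when
    the library truncates, or "rejected" when it refuses over-long input
    (recent versions of the pyca package raise ValueError rather than truncate).
    Cost 4 is the library minimum and is used only to keep the check fast."""
    try:
        import bcrypt  # optional dependency for this example only
    except ImportError:
        return None
    try:
        digest = bcrypt.hashpw(a.encode("utf-8"), bcrypt.gensalt(rounds=4))
        return "collides" if bcrypt.checkpw(b.encode("utf-8"), digest) else "distinct"
    except ValueError:
        return "rejected"


@dataclass
class StoredCredential:
    algorithm: str  # "bcrypt" for legacy rows, "argon2id" once migrated
    digest: str


def login_and_migrate(
    cred: StoredCredential,
    password: str,
    verify_bcrypt: Callable[[str, str], bool],
    verify_argon2id: Callable[[str, str], bool],
    hash_argon2id: Callable[[str], str],
) -> Tuple[bool, StoredCredential]:
    """Verify against whatever the row holds; on a successful bcrypt login,
    rehash with Argon2id so the legacy hash is replaced. The hash/verify
    callables are injected (e.g. from the `bcrypt` and `argon2-cffi` packages),
    so the migration flow itself has no library dependency."""
    if cred.algorithm == "argon2id":
        return verify_argon2id(password, cred.digest), cred
    if cred.algorithm != "bcrypt" or not verify_bcrypt(password, cred.digest):
        return False, cred
    # The plaintext is only available at login time, which is why the
    # migration has to happen here rather than in a batch job.
    return True, StoredCredential("argon2id", hash_argon2id(password))


if __name__ == "__main__":
    long_a = "a" * 72 + "x"   # constructed: differs from long_b only at byte 73
    long_b = "a" * 72 + "y"
    print("exceeds limit:", exceeds_bcrypt_limit(long_a))
    print("model says equivalent:", equivalent_under_bcrypt(long_a, long_b))
    print("real library says:", check_with_real_bcrypt(long_a, long_b))
```

The length check must be done on the UTF-8 byte count before hashing (reject or warn at registration), never on the character count: forty two-byte characters already exceed the cap. The migration helper keeps the row's algorithm tag explicit so that a half-migrated table can be verified correctly at every stage.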
Designed by
Niels Provos, David Mazières, published 1999.
Deep dive on guptadeepak.com
The Complete Guide to Password Hashing: Argon2 vs Bcrypt vs Scrypt vs PBKDF2 (2026)
The deep-dive on which password-hashing function to pick and how to tune it.